[avahi] [PATCH] [RFC] Untested interface limitation patch

Lennart Poettering lennart at poettering.net
Sun May 11 15:24:19 PDT 2008


On Mon, 12.05.08 01:45, Stefan de Konink (avahi at ml.kinkrsoftware.nl) wrote:

>  > > I'd prefer if we'd also get an interface blacklist at the same time
>  > > as a whitelist, but that wouldn't hinder me to merge your
>  > > patch. (i.e. "deny-interfaces" would be cool in addition to
>  > > "allow-interface").
>
> I'll do this too then. Since it is the same function. What would be the
> resolve scenario? First deny then allow?

For security reasons deny should have the last word.

I'd also suggest adding a warning to syslog when allow-interfaces is
set to a non-empty list and deny-interfaces is set too (and vice
versa). Should be pretty simple, and might help people identify
configuration problems. After all it doesn't make sense to have both a
white and a black list at the same time -- for a binary question.

>  >> > > -INT avahi_interface_is_relevant(AvahiInterface *i) {
>  >> > > +static int avahi_interface_is_relevant_iter(AvahiInterface *i) {
>  > >
>  > > Hmm, why did you call this "_iter"? I see no iterator involved here */
>
> Basically because of the function under it. Any good hints? _static,
> _private, _child?

_internal

>  >> > >      AvahiInterfaceAddress *a;
>  >> > >
>  >> > > -    assert(i);
>  >> > > +    assert(i); // Not really required
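
Review bot: The trailing `// Not really required` comment on the `assert(i);` line in `avahi_interface_is_relevant_iter` argues against the check it sits next to. Either drop the comment or replace it with a `/* ... */` comment saying that the calling function already asserts `i`, so the assert stays in place as a guard if this static function ever gains a second caller.
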
>  > >
>  > > Hehe, *no* assert is really required.
>
> It is already done by its parent. (The function under it that was
> actually the added code, and nobody should call this static one
> anyway)

/me loves his paranoia.

>  > > Otherwise I am happy, no further nitpicking  ;-)
>
> Since nobody tested the patch on working I hope you will volunteer
> ;)

I kind of assumed that the one who submitted the patch made sure it
actually does what is advertised. ;-)

>  > > Thanks for your patch!
>
> You're welcome. A little nitpicking on my own... in my private network
> at home I get very annoyed by Avahi just guessing my SSH port is at 22,
> would it be possible to check this before advertising?

That's just an example static service file we happen to ship with
Avahi. If you don't like it don't use it, or patch it. Just remove
/etc/avahi/services/ssh.service and the service should go away.

Lennart

--
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net         ICQ# 11060553
http://0pointer.net/lennart/           GnuPG 0x1A015CC4
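
The resolution order discussed in this message (deny has the last word, and a warning when both lists are set), as an added example that is not part of the original mail or of Avahi's source. The function names, the sample lists and the rule that an empty allow list means "no restriction" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample configuration (NULL-terminated lists), not from the patch. */
static const char *const sample_allow[] = { "eth0", "wlan0", NULL };
static const char *const sample_deny[]  = { "wlan0", "tun0", NULL };

/* Hypothetical helper: 1 if name appears in the NULL-terminated list. */
static int list_contains(const char *const *list, const char *name) {
    if (!list)
        return 0;
    for (; *list; list++)
        if (strcmp(*list, name) == 0)
            return 1;
    return 0;
}

static int list_is_empty(const char *const *list) {
    return !list || !*list;
}

/* 1 if both lists are non-empty: the configuration worth a syslog warning. */
int lists_conflict(const char *const *allow, const char *const *deny) {
    return !list_is_empty(allow) && !list_is_empty(deny);
}

/* Deny has the last word: a denied interface is rejected even if allowed. */
int interface_is_permitted(const char *name, const char *const *allow,
                           const char *const *deny) {
    if (list_contains(deny, name))
        return 0;
    if (list_is_empty(allow)) /* assumption: empty allow list = no restriction */
        return 1;
    return list_contains(allow, name);
}

int main(void) {
    static const char *const names[] = { "eth0", "wlan0", "tun0", "eth1", NULL };

    /* A daemon would send this to syslog; stderr keeps the example portable. */
    if (lists_conflict(sample_allow, sample_deny))
        fprintf(stderr, "warning: allow-interfaces and deny-interfaces are both set\n");
    for (const char *const *n = names; *n; n++)
        printf("%-6s %s\n", *n,
               interface_is_permitted(*n, sample_allow, sample_deny) ? "use" : "ignore");
    return 0;
}
```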

